com.vmware.vcenter.namespace_management.supervisors package¶
Subpackages¶
Submodules¶
com.vmware.vcenter.namespace_management.supervisors.identity_client module¶
The com.vmware.vcenter.namespace_management.supervisors.identity_client
module provides classes related to identity management for a Supervisor.
-
class
com.vmware.vcenter.namespace_management.supervisors.identity_client.
Providers
(config)¶ Bases:
vmware.vapi.bindings.stub.VapiInterface
The
Providers
class provides methods to configure identity management on a Supervisor. This class was added in vSphere API 8.0.0.1.- Parameters
config (
vmware.vapi.bindings.stub.StubConfiguration
) – Configuration to be used for creating the stub.
-
class
CreateSpec
(display_name=None, issuer_url=None, username_claim=None, groups_claim=None, client_id=None, client_secret=None, certificate_authority_data=None, additional_scopes=None, additional_authorize_parameters=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.CreateSpec
class is used to register a new upstream identity provider for use with a Supervisor. This class was added in vSphere API 8.0.0.1.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
display_name (
str
) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1.issuer_url (
str
) – The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme. This attribute was added in vSphere API 8.0.0.1.username_claim (
str
orNone
) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the upstream issuer URL will be concatenated with the ‘sub’ claim to generate the username to be used with Kubernetes.groups_claim (
str
orNone
) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. This attribute was added in vSphere API 8.0.0.1. If None, no groups will be used from the upstream identity provider.client_id (
str
) – The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor. This attribute was added in vSphere API 8.0.0.1.client_secret (
str
) – The OAuth 2.0 client secret to be used by the Supervisor when authenticating to the upstream identity provider. This attribute was added in vSphere API 8.0.0.1.certificate_authority_data (
str
orNone
) – Certificate authority data to be used to establish HTTPS connections with the identity provider. This must be a PEM-encoded value. This attribute was added in vSphere API 8.0.0.1. If None, HTTPS connections with the upstream identity provider will rely on a default set of system trusted roots.additional_scopes (
list
ofstr
orNone
) – Additional scopes to be requested in tokens issued by this identity provider. This attribute was added in vSphere API 8.0.0.1. If None, no additional scopes will be requested.additional_authorize_parameters ((
dict
ofstr
andstr
) orNone
) – Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware’s Cloud Services Platform, if your organization ID is ‘long-form-org-id’, the ‘orgLink’ parameter can be set to “/csp/gateway/am/api/orgs/long-form-org-id” to allow users logging in to leverage that organization. This attribute was added in vSphere API 8.0.0.1. If None, no additional parameters will be sent to the upstream identity provider.
-
class
Info
(provider=None, display_name=None, issuer_url=None, username_claim=None, groups_claim=None, client_id=None, certificate_authority_data=None, additional_scopes=None, additional_authorize_parameters=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.Info
class provides details about an identity provider configured with a Supervisor. This class was added in vSphere API 8.0.0.1.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
provider (
str
) – The immutable identifier of an identity provider generated when an identity provider is registered for a Supervisor. This attribute was added in vSphere API 8.0.0.1. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type:com.vmware.vcenter.namespace_management.identity.Provider
. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type:com.vmware.vcenter.namespace_management.identity.Provider
.display_name (
str
) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1.issuer_url (
str
) –The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme. This attribute was added in vSphere API 8.0.0.1.
username_claim (
str
orNone
) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the upstream issuer URL will be concatenated with the ‘sub’ claim to generate the username to be used with Kubernetes.groups_claim (
str
orNone
) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. This attribute was added in vSphere API 8.0.0.1. If None, no groups will be used from the upstream identity provider.client_id (
str
) – The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor. This attribute was added in vSphere API 8.0.0.1.certificate_authority_data (
str
orNone
) – The certificate authority data holds the trusted roots to be used to establish HTTPS connections with the identity provider. This attribute was added in vSphere API 8.0.0.1. If None, HTTPS connections with the upstream identity provider will rely on a default set of system trusted roots.additional_scopes (
list
ofstr
orNone
) – Additional scopes to be requested in tokens issued by this identity provider. The ‘openid’ scope will always be requested. This attribute was added in vSphere API 8.0.0.1. If None, no additional scopes will be requested.additional_authorize_parameters ((
dict
ofstr
andstr
) orNone
) – Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware’s Cloud Services Platform, if your organization ID is ‘long-form-org-id’, the ‘orgLink’ parameter can be set to “/csp/gateway/am/api/orgs/long-form-org-id” to allow users logging in to leverage that organization. This attribute was added in vSphere API 8.0.0.1. If None, no additional parameters will be sent to the upstream identity provider.
-
class
SetSpec
(display_name=None, issuer_url=None, username_claim=None, groups_claim=None, client_id=None, client_secret=None, certificate_authority_data=None, additional_scopes=None, additional_authorize_parameters=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.SetSpec
class is used to fully replace the configuration of an upstream identity provider for use with a Supervisor. This class was added in vSphere API 8.0.0.1.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
display_name (
str
) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1.issuer_url (
str
) –The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme. This attribute was added in vSphere API 8.0.0.1.
username_claim (
str
orNone
) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the upstream issuer URL will be concatenated with the ‘sub’ claim to generate the username to be used with Kubernetes.groups_claim (
str
orNone
) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. This attribute was added in vSphere API 8.0.0.1. If None, no groups will be used from the upstream identity provider.client_id (
str
) – The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor. This attribute was added in vSphere API 8.0.0.1.client_secret (
str
) – The OAuth 2.0 client secret to be used by the Supervisor when authenticating to the upstream identity provider. This attribute was added in vSphere API 8.0.0.1.certificate_authority_data (
str
orNone
) – Certificate authority data to be used to establish HTTPS connections with the identity provider. This must be a PEM-encoded value. This attribute was added in vSphere API 8.0.0.1. If None, HTTPS connections with the upstream identity provider will rely on a default set of system trusted roots.additional_scopes (
list
ofstr
orNone
) – Additional scopes to be requested in tokens issued by this identity provider. This attribute was added in vSphere API 8.0.0.1. If None, no additional scopes will be requested.additional_authorize_parameters ((
dict
ofstr
andstr
) orNone
) – Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware’s Cloud Services Platform, if your organization ID is ‘long-form-org-id’, the ‘orgLink’ parameter can be set to “/csp/gateway/am/api/orgs/long-form-org-id” to allow users logging in to leverage that organization. This attribute was added in vSphere API 8.0.0.1. If None, no additional parameters will be sent to the upstream identity provider.
-
class
Summary
(provider=None, display_name=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.Summary
class provides an overview of an identity provider configured for the given Supervisor. This class was added in vSphere API 8.0.0.1.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
provider (
str
) – The immutable identifier of an identity provider generated when an identity provider is registered for a Supervisor. This attribute was added in vSphere API 8.0.0.1. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type:com.vmware.vcenter.namespace_management.identity.Provider
. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type:com.vmware.vcenter.namespace_management.identity.Provider
.display_name (
str
) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1.
-
class
UpdateSpec
(display_name=None, issuer_url=None, username_claim=None, unset_username_claim=None, groups_claim=None, unset_groups_claim=None, client_id=None, client_secret=None, certificate_authority_data=None, unset_certificate_authority_data=None, additional_scopes=None, additional_authorize_parameters=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.UpdateSpec
class contains the specification required to update the configuration of an identity provider used with a Supervisor. This class was added in vSphere API 8.0.0.1.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
display_name (
str
orNone
) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1. if None, the name will remained unchanged.issuer_url (
str
orNone
) –The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme. This attribute was added in vSphere API 8.0.0.1. If None, the issuer URL will not be updated.
username_claim (
str
orNone
) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the username claim will not be updated.unset_username_claim (
bool
orNone
) – This represents the intent of the change toProviders.UpdateSpec.username_claim
. If this field is set totrue
, the existing ‘usernameClaim’ value will be removed. If this field is set tofalse
, the existing username claim will be changed to the value specified inProviders.UpdateSpec.username_claim
, if any. This attribute was added in vSphere API 8.0.0.1. If None, the existing ‘usernameClaim’ value will be changed to the value specified inProviders.UpdateSpec.username_claim
, if any.groups_claim (
str
orNone
) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the groups claim will not be updated.unset_groups_claim (
bool
orNone
) – This represents the intent of the change toProviders.UpdateSpec.groups_claim
. If this field is set totrue
, the existing ‘groupsClaim’ value will be removed. If this field is set tofalse
, the existing groups claim will be changed to the value specified inProviders.UpdateSpec.groups_claim
, if any. This attribute was added in vSphere API 8.0.0.1. If None, the existing ‘groupsClaim’ value will be changed to the value specified inProviders.UpdateSpec.groups_claim
, if any.client_id (
str
orNone
) – The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor. This attribute was added in vSphere API 8.0.0.1. If None, the client ID will not be updated.client_secret (
str
orNone
) – The OAuth 2.0 client secret to be used by the Supervisor when authenticating to the upstream identity provider. This attribute was added in vSphere API 8.0.0.1. If None, the client secret will not be updated.certificate_authority_data (
str
orNone
) – Certificate authority data to be used to establish HTTPS connections with the identity provider. This must be a PEM-encoded value. This attribute was added in vSphere API 8.0.0.1. If None, the certificate authority data will not be updated.unset_certificate_authority_data (
bool
orNone
) – This represents the intent of the change toProviders.UpdateSpec.certificate_authority_data
. If this field is set totrue
, the existing ‘certificateAuthorityData’ value will be removed. If this field is set tofalse
, the existing certificate authority data will be changed to the value specified inProviders.UpdateSpec.certificate_authority_data
, if any. This attribute was added in vSphere API 8.0.0.1. If None, the existing ‘certificateAuthorityData’ value will be changed to the value specified inProviders.UpdateSpec.certificate_authority_data
, if any.additional_scopes (
list
ofstr
orNone
) – Additional scopes to be requested in tokens issued by this identity provider. This attribute was added in vSphere API 8.0.0.1. If None, the additional scopes will not be updated.additional_authorize_parameters ((
dict
ofstr
andstr
) orNone
) – Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware’s Cloud Services Platform, if your organization ID is ‘long-form-org-id’, the ‘orgLink’ parameter can be set to “/csp/gateway/am/api/orgs/long-form-org-id” to allow users logging in to leverage that organization. This attribute was added in vSphere API 8.0.0.1. If None, the additional parameters will not be updated.
-
create
(supervisor, spec)¶ Create a new identity provider to be used with a Supervisor. Currently, only a single identity provider can be created. This method was added in vSphere API 8.0.0.1.
- Parameters
supervisor (
str
) – the Supervisor for which the identity provider is being registered. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.supervisor.Supervisor
.spec (
Providers.CreateSpec
) – the {#link CreateSpec} describing the identity provider to be registered.
- Return type
str
- Returns
a unique identifier for the identity provider that was registered. The return value will be an identifier for the resource type:
com.vmware.vcenter.namespace_management.identity.Provider
.- Raise
com.vmware.vapi.std.errors_client.Error
if the system reports an error while responding to the request.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the \@{param.name spec} contains any errors.- Raise
com.vmware.vapi.std.errors_client.Unsupported
if the specified Supervisor does not exist, or if an identity provider is already configured.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the user cannot be authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the user is missing the Namespaces.Manage privilege on the Supervisor.
-
delete
(supervisor, provider)¶ Remove an identity provider configured with a given Supervisor. This will result in users no longer being able to log in to either the Supervisor or any of its workload clusters with that identity provider. This method was added in vSphere API 8.0.0.1.
- Parameters
supervisor (
str
) – the identifier of the Supervisor which is associated with the identity provider being removed. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.supervisor.Supervisor
.provider (
str
) – the identifier for the identity provider that is to be deleted. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.identity.Provider
.
- Raise
com.vmware.vapi.std.errors_client.Error
if the system reports an error while responding to the request.- Raise
com.vmware.vapi.std.errors_client.NotFound
if the given identity provider or Supervisor cannot be found.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the user cannot be authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the user is missing the Namespaces.Manage privilege on the Supervisor.
-
get
(supervisor, provider)¶ Returns information about an identity provider configured for a Supervisor. This method was added in vSphere API 8.0.0.1.
- Parameters
supervisor (
str
) – identifier for the Supervisor for which the identity provider is being read. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.supervisor.Supervisor
.provider (
str
) – identifier for the identity provider that is being read. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.identity.Provider
.
- Return type
- Returns
An {#link Info} representing the requested identity provider.
- Raise
com.vmware.vapi.std.errors_client.NotFound
if the given identity provider or Supervisor cannot be found.- Raise
com.vmware.vapi.std.errors_client.Error
if the system reports an error while responding to the request.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the user cannot be authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the user is missing the System.Read privilege on the Supervisor.
-
list
(supervisor)¶ List the identity providers configured for a given Supervisor. This method was added in vSphere API 8.0.0.1.
- Parameters
supervisor (
str
) – the Supervisor for which identity providers are being listed. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.supervisor.Supervisor
.- Return type
- Returns
A list of {#link Summary} with details about the identity providers associated with a given Supervisor.
- Raise
com.vmware.vapi.std.errors_client.NotFound
if the given Supervisor cannot be found.- Raise
com.vmware.vapi.std.errors_client.Error
if the system reports an error while responding to the request.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the user cannot be authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the user is missing the System.Read privilege on the Supervisor.
-
set
(supervisor, provider, spec)¶ Update the entire configuration for an existing identity provider used with a Supervisor. This method was added in vSphere API 8.0.0.1.
- Parameters
supervisor (
str
) – the identifier for the Supervisor associated with the identity provider to be updated. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.supervisor.Supervisor
.provider (
str
) – the identifier for the identity provider that is to be updated. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.identity.Provider
.spec (
Providers.SetSpec
) – the {#link SetSpec} to be applied to the identity provider configuration.
- Raise
com.vmware.vapi.std.errors_client.Error
if the system reports an error while responding to the request.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the \@{param.name spec} contains any errors.- Raise
com.vmware.vapi.std.errors_client.NotFound
if the given identity provider or Supervisor cannot be found.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the user cannot be authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the user is missing the Namespaces.Manage privilege on the Supervisor.
-
update
(supervisor, provider, spec)¶ Update an existing identity provider used with a Supervisor. This method was added in vSphere API 8.0.0.1.
- Parameters
supervisor (
str
) – the identifier for the Supervisor associated with the identity provider to be updated. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.supervisor.Supervisor
.provider (
str
) – the identifier for the identity provider that is to be updated. The parameter must be an identifier for the resource type:com.vmware.vcenter.namespace_management.identity.Provider
.spec (
Providers.UpdateSpec
) – the {#UpdateSpec} to be applied to the identity provider configuration.
- Raise
com.vmware.vapi.std.errors_client.Error
if the system reports an error while responding to the request.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the \@{param.name spec} contains any errors.- Raise
com.vmware.vapi.std.errors_client.NotFound
if the given identity provider or Supervisor cannot be found.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the user cannot be authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the user is missing the Namespaces.Manage privilege on the Supervisor.
-
class
com.vmware.vcenter.namespace_management.supervisors.identity_client.
StubFactory
(stub_config)¶ Bases:
vmware.vapi.bindings.stub.StubFactoryBase
Initialize StubFactoryBase
- Parameters
stub_config (
vmware.vapi.bindings.stub.StubConfiguration
) – Stub config instance